How Blockchains Get Attacked and How Bitcoin Got Hacked, Part I

This is the first part of Chapter 10 from the book “The Ins and Outs of Bitcoin for Merchants” by Bernhard Kaufmann, which is currently available on Leanpub (with minimum price being FREE). I have known Bernhard for quite a few years, and have learned to trust him in general and his expertise in particular. Enjoy his writing about blockchain-related security issues (though keep in mind that his target audience is merchants so the discussion is not as technical as some of us would prefer).

— No Bugs

Potential Security Vulnerabilities

Security is often cited as the foremost advantage of choosing blockchain technology over centralized systems. However, decentralized technologies are not completely immune to hacking and various other security vulnerabilities. The following sections describe a variety of ways hackers could potentially attack Bitcoin, other blockchains, and their applications.

Launching a 51% Attack

If a single entity (such as a mining pool) controlled the majority of the hashing power within a blockchain network (such as Bitcoin or Ethereum), it could launch what is known as a “51% attack.” This entity could then change the protocol, confirm transactions arbitrarily, and even reward itself with more coins than allowed.

However, there are still practical obstacles to implementing a 51% attack. First, the entity launching the attack would need to acquire the necessary hardware resources, and this would be incredibly expensive.

Second, there’s nothing to stop other miners on the network from forking to create a separate blockchain and ignoring the attacker’s input. Indeed, the Bitcoin community would stop trusting a network whose mining power is controlled more than 50% by a single entity.

The Bitcoin network has, in the past, approached the point where one mining pool came close to the 51% mining power threshold. Miners solved the problem when some voluntarily left the pool to reassure the community [Beigel].

“In reality, a 51% attack is feasible — especially with the rise of mining pools (groups of people mining together as a single unit). However the potential damage one could cause is small — though it might represent enough of a threat to cause a panic that could seriously threaten bitcoin’s use as an online currency.” [Learncryptography].

Who has the power to launch an attack?

Based on the cost of ASIC chips, it’s completely reasonable to assume that even a small government would have sufficient resources to launch a 51% attack against the Bitcoin network.

Some commentators claim that the Bitcoin network probably uses less electricity than one small Californian hydroelectric plant, or slightly more than 600 average American homes [Rothstein]. Others have calculated Bitcoin’s entire computational output as being more powerful than 525 Googles or 10,000 banks [Middleton]. It’s incorrect to compare Google and other general-purpose cloud servers to Bitcoin, however, because they use and enable fundamentally different types of computations. Cloud computers use general-purpose, Turing-complete programs, while Bitcoin nodes use specific-purpose hash computations.

The Bitcoin network uses specialized ASIC processors designed for the sole purpose of mining bitcoins. These processors are much cheaper than traditional general-purpose cloud CPUs, and they consume orders of magnitude less electricity. In short, the Bitcoin network consumes a lot less energy than any Google cloud data center.

Most newly designed blockchains discourage concentration of mining power. Their protocols specify the type of hardware required for mining. Indeed, some blockchains, such as Æternity, deploy smart consensus mechanisms that allow mining with smartphones. This encourages decentralization, since there has never been a computer mining hardware race like we’ve witnessed with Bitcoin.

Æternity is indeed an interesting project because it explores a range of new blockchain implementation ideas, such as decentralized oracles, a hybrid proof-of-work, proof-of-stake algorithm and off-chain smart contracts [AEternity].

DDoSing the Blockchain

The majority of blockchains have a cap on the number of transactions they handle per second or per block. For instance, the Bitcoin blockchain currently handles a theoretical maximum of seven transactions per second. There have been moments in the past, however, when the system has received more transactions than it could handle and users had to wait hours for their transactions to be confirmed.

The constrained capacity of the Bitcoin block, which is limited to one megabyte (MB), creates room for distributed denial of service (DDoS) attacks, in which an attacker disrupts the service by spamming it with a high volume of microtransactions.

Simply increasing the block size, however, doesn’t solve the problem. In fact, Satoshi Nakamoto reduced the size of the Bitcoin block to 1MB in 2010 in order to avoid spam attacks. With a bigger block, attackers could just fill in a lot of the space with junk data.

The most effective way for blockchains to counter DDoS attacks, however, is by imposing sufficient gas, meaning higher transaction fees. This makes it expensive to overwhelm the network with high volumes of meaningless traffic. Speaking of defense, going offline for a while is surprisingly effective too.

Transaction Malleability Attacks

A transaction malleability attack happens when a user hijacks a transaction and alters its unique ID before it is recorded on the blockchain. The purpose is often to achieve some form of double spending. The altered transaction is recorded on the blockchain, while the original transaction remains indefinitely pending.

Attackers can use transaction malleability to withdraw double value from services such as Bitcoin exchanges. A fairly popular exchange experienced a problem described as follows: “It can happen that [an] attacker’s transaction with an altered [transaction ID] will be confirmed in the blockchain first, while the original transaction will never be confirmed. This will allow a hacker to complain that the transaction is pending and claim compensation. More than one fake transaction can be made based on the original transaction.” [Bitcoin.com]

When it was initially discovered, this issue didn’t come down to a problem with the Bitcoin network, but rather cryptocurrency exchanges, which use their own proprietary transaction software. Often this software wasn’t designed to take into account the existence of transaction malleability and therefore didn’t include the necessary precautions to avoid such attacks. All popular cryptocurrency exchanges have since fixed their software.
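The precaution exchange software was missing can be shown with a small added example (not code from the book or from any exchange): instead of looking up a withdrawal by the transaction ID it broadcast, the exchange matches on what the transaction spends and pays. The `Tx` model, the `effect_key` name and all sample values are assumptions constructed for illustration and are not the real Bitcoin wire format.

```python
import hashlib
from dataclasses import dataclass

def dsha(data: bytes) -> str:
    """Double SHA-256, hex encoded."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    # Toy model (assumption), not the real Bitcoin serialization.
    inputs: tuple   # ((prev_txid, vout, signature_encoding), ...)
    outputs: tuple  # ((address, satoshis), ...)

    def txid(self) -> str:
        # The ID covers the signature bytes, so re-encoding them changes it.
        return dsha(repr((self.inputs, self.outputs)).encode())

    def effect_key(self) -> str:
        # Covers only which coins are spent and who gets paid.
        spent = tuple((prev, vout) for prev, vout, _sig in self.inputs)
        return dsha(repr((spent, self.outputs)).encode())

def confirmed_by_txid(sent: Tx, chain: list) -> bool:
    """Naive logic: look for the exact ID that was broadcast."""
    return any(tx.txid() == sent.txid() for tx in chain)

def confirmed_by_effect(sent: Tx, chain: list) -> bool:
    """Malleability-tolerant logic: same coins spent, same payees paid."""
    return any(tx.effect_key() == sent.effect_key() for tx in chain)

def review_claim(sent: Tx, chain: list) -> str:
    """Answer a 'my withdrawal is still pending' support ticket."""
    if confirmed_by_txid(sent, chain):
        return "paid"
    if confirmed_by_effect(sent, chain):
        return "paid-under-different-txid"  # must not be compensated again
    return "unconfirmed"

# Constructed sample data: a withdrawal and the altered-ID copy that was mined.
PREV = "aa" * 32
SENT = Tx(((PREV, 0, "sig-encoding-A"),), (("customer-address", 50_000),))
MINED = Tx(((PREV, 0, "sig-encoding-B"),), (("customer-address", 50_000),))
OTHER = Tx((("bb" * 32, 1, "sig-encoding-A"),), (("someone-else", 50_000),))
CHAIN = [OTHER, MINED]

if __name__ == "__main__":
    print(confirmed_by_txid(SENT, CHAIN), review_claim(SENT, CHAIN))
```

With the ID-only lookup the withdrawal looks stuck forever, which is what made the compensation claim plausible; the effect-based lookup shows the customer was already paid.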

In my experience, many Bitcoin holders and firms encounter malware issues on a daily basis. Computers are easily infected, and everyone is advised to run malware and antivirus scans on a regular basis. Malware on local computers can easily alter Bitcoin addresses in wallets and even on third-party payment pages.

Malware and Why It’s Good to Keep Your Machine Tidy

As I’ve just mentioned, issues with malware targeting Bitcoin can raise their ugly heads. These can include private keys being stolen, bots mining with stolen processing power, and ransomware that encrypts a file to be unlocked upon — you guessed it — receiving a ransom.

Rest assured that Bitcoin isn’t nearly as vulnerable to fraud as card payments are. This is due to the fact that only keys are exchanged, not a host of permanent codes that can easily be misused when stolen. Most of the malware issues you might experience would come from your very own computer. You’d be as safe as possible if you simply ensured your security system was up to date. So, make sure you keep your antivirus software up to date!

Even though there are many policies for computer security in place to protect against fraud, they are not foolproof, as any merchant who accepts card payments can tell you. Don’t be fooled into being lax, though. You wouldn’t want to lose your precious bitcoin because you lost or mislaid your private key, or because malware got you.

Hacking Smart Contracts

Bitcoin technology supports the creation of smart contracts. Smart contracts are computer protocols intended to facilitate the performance of a contract. They are self-executing contracts with the terms of the agreement between buyer and seller directly written into lines of code. There are recorded cases of hackers either compromising or taking advantage of loopholes in self-executing contracts on the blockchain. The best-known case involved the siphoning of about $50 million, out of $160 million raised from investors, from a decentralized anonymous organization (‘The DAO’) that the German startup Slock.it launched in early 2016.

‘The DAO’ was a virtual company with a platform designed to be managed by smart contracts on the Ethereum blockchain rather than human labor. A fully automated application was supposed to control the crowdfunded venture; however, the vehicle was charged with a bit too much artificial intelligence and staffed with a bit too little humanity. A human error occurred during the buildup and caused the robots to smash the machine in short order, quickly destroying the cornucopian vision of the endless progress of mankind through continued advances in technology. Researchers from Cornell University undertook a security review days before the mega theft. They disclosed various vulnerabilities in its code. Possible attacks, they said, included stalking, ambushes and token raids.

In the summary of their report, the Cornell researchers concluded, “The preceding concerns motivate a moratorium to prevent losses due to poor mechanism design. A moratorium would give ‘The DAO’ time to make critical security upgrades. We encourage the community to adopt a moratorium until ‘The DAO’ can be updated.” [DinoEtAl]

The problem stemmed from a bug that existed in the code written for ‘The DAO’, not with Ethereum itself. Special care is required in reviews of code to ensure that functions that move value occur after any state updates; otherwise, these state values will necessarily be vulnerable to this type of hack.
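The ordering rule above can be seen in a toy simulation, added here as an example in Python (it is not Solidity and not The DAO’s code). The `Vault` class, the `receive` callback standing in for the external call, and all amounts are assumptions constructed for illustration.

```python
class Vault:
    """Toy model of a contract that holds deposits for several parties."""

    def __init__(self, safe_order: bool):
        self.safe_order = safe_order
        self.balances = {}
        self.funds = 0

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who: str, receive) -> None:
        amount = self.balances.get(who, 0)
        if amount == 0 or self.funds < amount:
            return
        if self.safe_order:
            self.balances[who] = 0   # state update first
            self.funds -= amount
            receive(amount)          # value moves last
        else:
            self.funds -= amount
            receive(amount)          # value moves while the balance is stale
            self.balances[who] = 0   # state update comes too late

def run(safe_order: bool):
    """Return (total paid to the caller, funds left in the vault)."""
    vault = Vault(safe_order)
    vault.deposit("honest", 90)
    vault.deposit("caller", 10)
    received = []

    def receive(amount: int) -> None:
        # The recipient's code runs during the payout and calls back in.
        received.append(amount)
        if len(received) < 5:        # bounded so the simulation terminates
            vault.withdraw("caller", receive)

    vault.withdraw("caller", receive)
    return sum(received), vault.funds

if __name__ == "__main__":
    print("value moved before state update:", run(False))
    print("state update before value moves:", run(True))
```

A reviewer can use the same pattern as a regression test: any payout path where the recorded balance is still non-zero when control leaves the contract fails the check.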

Since The DAO attack, Ethereum has added additional security features to its default language, Solidity, to make it easier to avoid this type of bug in the future. The Solidity community has also adopted the idea of formal verification for smart contracts. Formal verification can be helpful in proving the correctness of software by implementing a certain formal specification and proving that it adheres to that specification.